e4229171...58b4 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Wiper, Dropper, Trojan, Ransomware

Remarks

(0x200001e): The maximum size of extracted files was exceeded. Some files may be missing in the report.

(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.

Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Takeaway (2).exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 318.84 KB
MD5 d15ca3626870c41fc5dda5d108f96f89
SHA1 bd419ebd0479bfa19493a2621370d0cec4f16cde
SHA256 e4229171d5e45f3f96f2b16839381c7342a3c7883e9181ed6134c4d84c5258b4
SSDeep 6144:QsCwu+mWhJifvtNP/7YXSLB80PqO/PhR3pviv6ZCg6:NxmIJQvPkitEqZR3pvC6Az
ImpHash 027ea80e8125c6dda271246922d4c3b0
PE Information
Image Base 0x400000
Entry Point 0x41cec9
Size Of Code 0x2e200
Size Of Initialized Data 0x2f800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2017-08-11 13:54:06+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2e1cb 0x2e200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.69
.rdata 0x430000 0x98a0 0x9a00 0x2e600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.12
.data 0x43a000 0x1f290 0xc00 0x38000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.24
.gfids 0x45a000 0xe8 0x200 0x38c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.06
.rsrc 0x45b000 0x4680 0x4800 0x38e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.64
.reloc 0x460000 0x1f58 0x2000 0x3d600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.62
Imports (1)
KERNEL32.dll (134)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLastError 0x0 0x430000 0x38c9c 0x3729c 0x202
SetLastError 0x0 0x430004 0x38ca0 0x372a0 0x473
GetCurrentProcess 0x0 0x430008 0x38ca4 0x372a4 0x1c0
DeviceIoControl 0x0 0x43000c 0x38ca8 0x372a8 0xdd
SetFileTime 0x0 0x430010 0x38cac 0x372ac 0x46a
CloseHandle 0x0 0x430014 0x38cb0 0x372b0 0x52
CreateDirectoryW 0x0 0x430018 0x38cb4 0x372b4 0x81
RemoveDirectoryW 0x0 0x43001c 0x38cb8 0x372b8 0x403
CreateFileW 0x0 0x430020 0x38cbc 0x372bc 0x8f
DeleteFileW 0x0 0x430024 0x38cc0 0x372c0 0xd6
CreateHardLinkW 0x0 0x430028 0x38cc4 0x372c4 0x93
GetShortPathNameW 0x0 0x43002c 0x38cc8 0x372c8 0x261
GetLongPathNameW 0x0 0x430030 0x38ccc 0x372cc 0x20f
MoveFileW 0x0 0x430034 0x38cd0 0x372d0 0x363
GetFileType 0x0 0x430038 0x38cd4 0x372d4 0x1f3
GetStdHandle 0x0 0x43003c 0x38cd8 0x372d8 0x264
WriteFile 0x0 0x430040 0x38cdc 0x372dc 0x525
ReadFile 0x0 0x430044 0x38ce0 0x372e0 0x3c0
FlushFileBuffers 0x0 0x430048 0x38ce4 0x372e4 0x157
SetEndOfFile 0x0 0x43004c 0x38ce8 0x372e8 0x453
SetFilePointer 0x0 0x430050 0x38cec 0x372ec 0x466
SetFileAttributesW 0x0 0x430054 0x38cf0 0x372f0 0x461
GetFileAttributesW 0x0 0x430058 0x38cf4 0x372f4 0x1ea
FindClose 0x0 0x43005c 0x38cf8 0x372f8 0x12e
FindFirstFileW 0x0 0x430060 0x38cfc 0x372fc 0x139
FindNextFileW 0x0 0x430064 0x38d00 0x37300 0x145
GetVersionExW 0x0 0x430068 0x38d04 0x37304 0x2a4
GetCurrentDirectoryW 0x0 0x43006c 0x38d08 0x37308 0x1bf
GetFullPathNameW 0x0 0x430070 0x38d0c 0x3730c 0x1fb
FoldStringW 0x0 0x430074 0x38d10 0x37310 0x15c
GetModuleFileNameW 0x0 0x430078 0x38d14 0x37314 0x214
GetModuleHandleW 0x0 0x43007c 0x38d18 0x37318 0x218
FindResourceW 0x0 0x430080 0x38d1c 0x3731c 0x14e
FreeLibrary 0x0 0x430084 0x38d20 0x37320 0x162
GetProcAddress 0x0 0x430088 0x38d24 0x37324 0x245
GetCurrentProcessId 0x0 0x43008c 0x38d28 0x37328 0x1c1
ExitProcess 0x0 0x430090 0x38d2c 0x3732c 0x119
SetThreadExecutionState 0x0 0x430094 0x38d30 0x37330 0x493
Sleep 0x0 0x430098 0x38d34 0x37334 0x4b2
LoadLibraryW 0x0 0x43009c 0x38d38 0x37338 0x33f
GetSystemDirectoryW 0x0 0x4300a0 0x38d3c 0x3733c 0x270
CompareStringW 0x0 0x4300a4 0x38d40 0x37340 0x64
AllocConsole 0x0 0x4300a8 0x38d44 0x37344 0x10
FreeConsole 0x0 0x4300ac 0x38d48 0x37348 0x15f
AttachConsole 0x0 0x4300b0 0x38d4c 0x3734c 0x17
WriteConsoleW 0x0 0x4300b4 0x38d50 0x37350 0x524
GetProcessAffinityMask 0x0 0x4300b8 0x38d54 0x37354 0x246
CreateThread 0x0 0x4300bc 0x38d58 0x37358 0xb5
SetThreadPriority 0x0 0x4300c0 0x38d5c 0x3735c 0x499
InitializeCriticalSection 0x0 0x4300c4 0x38d60 0x37360 0x2e2
EnterCriticalSection 0x0 0x4300c8 0x38d64 0x37364 0xee
LeaveCriticalSection 0x0 0x4300cc 0x38d68 0x37368 0x339
DeleteCriticalSection 0x0 0x4300d0 0x38d6c 0x3736c 0xd1
SetEvent 0x0 0x4300d4 0x38d70 0x37370 0x459
ResetEvent 0x0 0x4300d8 0x38d74 0x37374 0x40f
ReleaseSemaphore 0x0 0x4300dc 0x38d78 0x37378 0x3fe
WaitForSingleObject 0x0 0x4300e0 0x38d7c 0x3737c 0x4f9
CreateEventW 0x0 0x4300e4 0x38d80 0x37380 0x85
CreateSemaphoreW 0x0 0x4300e8 0x38d84 0x37384 0xae
GetSystemTime 0x0 0x4300ec 0x38d88 0x37388 0x277
SystemTimeToTzSpecificLocalTime 0x0 0x4300f0 0x38d8c 0x3738c 0x4be
TzSpecificLocalTimeToSystemTime 0x0 0x4300f4 0x38d90 0x37390 0x4d0
SystemTimeToFileTime 0x0 0x4300f8 0x38d94 0x37394 0x4bd
FileTimeToLocalFileTime 0x0 0x4300fc 0x38d98 0x37398 0x124
LocalFileTimeToFileTime 0x0 0x430100 0x38d9c 0x3739c 0x346
FileTimeToSystemTime 0x0 0x430104 0x38da0 0x373a0 0x125
GetCPInfo 0x0 0x430108 0x38da4 0x373a4 0x172
IsDBCSLeadByte 0x0 0x43010c 0x38da8 0x373a8 0x2fe
MultiByteToWideChar 0x0 0x430110 0x38dac 0x373ac 0x367
WideCharToMultiByte 0x0 0x430114 0x38db0 0x373b0 0x511
GlobalAlloc 0x0 0x430118 0x38db4 0x373b4 0x2b3
GetTickCount 0x0 0x43011c 0x38db8 0x373b8 0x293
SetCurrentDirectoryW 0x0 0x430120 0x38dbc 0x373bc 0x44d
GetExitCodeProcess 0x0 0x430124 0x38dc0 0x373c0 0x1df
GetLocalTime 0x0 0x430128 0x38dc4 0x373c4 0x203
MapViewOfFile 0x0 0x43012c 0x38dc8 0x373c8 0x357
UnmapViewOfFile 0x0 0x430130 0x38dcc 0x373cc 0x4d6
CreateFileMappingW 0x0 0x430134 0x38dd0 0x373d0 0x8c
OpenFileMappingW 0x0 0x430138 0x38dd4 0x373d4 0x379
GetCommandLineW 0x0 0x43013c 0x38dd8 0x373d8 0x187
SetEnvironmentVariableW 0x0 0x430140 0x38ddc 0x373dc 0x457
ExpandEnvironmentStringsW 0x0 0x430144 0x38de0 0x373e0 0x11d
GetTempPathW 0x0 0x430148 0x38de4 0x373e4 0x285
MoveFileExW 0x0 0x43014c 0x38de8 0x373e8 0x360
GetLocaleInfoW 0x0 0x430150 0x38dec 0x373ec 0x206
GetTimeFormatW 0x0 0x430154 0x38df0 0x373f0 0x297
GetDateFormatW 0x0 0x430158 0x38df4 0x373f4 0x1c8
GetNumberFormatW 0x0 0x43015c 0x38df8 0x373f8 0x233
RaiseException 0x0 0x430160 0x38dfc 0x373fc 0x3b1
GetSystemInfo 0x0 0x430164 0x38e00 0x37400 0x273
VirtualProtect 0x0 0x430168 0x38e04 0x37404 0x4ef
VirtualQuery 0x0 0x43016c 0x38e08 0x37408 0x4f1
LoadLibraryExA 0x0 0x430170 0x38e0c 0x3740c 0x33d
IsProcessorFeaturePresent 0x0 0x430174 0x38e10 0x37410 0x304
IsDebuggerPresent 0x0 0x430178 0x38e14 0x37414 0x300
UnhandledExceptionFilter 0x0 0x43017c 0x38e18 0x37418 0x4d3
SetUnhandledExceptionFilter 0x0 0x430180 0x38e1c 0x3741c 0x4a5
GetStartupInfoW 0x0 0x430184 0x38e20 0x37420 0x263
QueryPerformanceCounter 0x0 0x430188 0x38e24 0x37424 0x3a7
GetCurrentThreadId 0x0 0x43018c 0x38e28 0x37428 0x1c5
GetSystemTimeAsFileTime 0x0 0x430190 0x38e2c 0x3742c 0x279
InitializeSListHead 0x0 0x430194 0x38e30 0x37430 0x2e7
TerminateProcess 0x0 0x430198 0x38e34 0x37434 0x4c0
RtlUnwind 0x0 0x43019c 0x38e38 0x37438 0x418
EncodePointer 0x0 0x4301a0 0x38e3c 0x3743c 0xea
InitializeCriticalSectionAndSpinCount 0x0 0x4301a4 0x38e40 0x37440 0x2e3
TlsAlloc 0x0 0x4301a8 0x38e44 0x37444 0x4c5
TlsGetValue 0x0 0x4301ac 0x38e48 0x37448 0x4c7
TlsSetValue 0x0 0x4301b0 0x38e4c 0x3744c 0x4c8
TlsFree 0x0 0x4301b4 0x38e50 0x37450 0x4c6
LoadLibraryExW 0x0 0x4301b8 0x38e54 0x37454 0x33e
QueryPerformanceFrequency 0x0 0x4301bc 0x38e58 0x37458 0x3a8
GetModuleHandleExW 0x0 0x4301c0 0x38e5c 0x3745c 0x217
GetModuleFileNameA 0x0 0x4301c4 0x38e60 0x37460 0x213
GetACP 0x0 0x4301c8 0x38e64 0x37464 0x168
HeapFree 0x0 0x4301cc 0x38e68 0x37468 0x2cf
HeapAlloc 0x0 0x4301d0 0x38e6c 0x3746c 0x2cb
HeapReAlloc 0x0 0x4301d4 0x38e70 0x37470 0x2d2
GetStringTypeW 0x0 0x4301d8 0x38e74 0x37474 0x269
LCMapStringW 0x0 0x4301dc 0x38e78 0x37478 0x32d
FindFirstFileExA 0x0 0x4301e0 0x38e7c 0x3747c 0x133
FindNextFileA 0x0 0x4301e4 0x38e80 0x37480 0x143
IsValidCodePage 0x0 0x4301e8 0x38e84 0x37484 0x30a
GetOEMCP 0x0 0x4301ec 0x38e88 0x37488 0x237
GetCommandLineA 0x0 0x4301f0 0x38e8c 0x3748c 0x186
GetEnvironmentStringsW 0x0 0x4301f4 0x38e90 0x37490 0x1da
FreeEnvironmentStringsW 0x0 0x4301f8 0x38e94 0x37494 0x161
GetProcessHeap 0x0 0x4301fc 0x38e98 0x37498 0x24a
SetStdHandle 0x0 0x430200 0x38e9c 0x3749c 0x487
HeapSize 0x0 0x430204 0x38ea0 0x374a0 0x2d4
GetConsoleCP 0x0 0x430208 0x38ea4 0x374a4 0x19a
GetConsoleMode 0x0 0x43020c 0x38ea8 0x374a8 0x1ac
SetFilePointerEx 0x0 0x430210 0x38eac 0x374ac 0x467
DecodePointer 0x0 0x430214 0x38eb0 0x374b0 0xca
Icons (1)
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA
takeaway (2).exe 1 0x00ED0000 0x00F31FFF Relevant Image - 32-bit - False False
takeaway (2).exe 1 0x00ED0000 0x00F31FFF Process Termination - 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Gen:Trojan.Heur.LShot.1 Malicious
takeaway.ps1 Dropped File Text Malicious
Mime Type text/x-powershell
File Size 3.32 KB
MD5 702876219938ea5fc75c37167812154c
SHA1 3a496c8c8b566c93e5c833b59b1415b3ff29846c
SHA256 4900bc04dd328ec2e8686871464834240be89fe8e332bc2b5b0ebca34abfcb12
SSDeep 96:Dg4b8Fz9zBV+HvAztUf3IGFzDFzNF78xQfpduFzrNcFzX1g:DgFFZFV+HvAztUfYGFfFb78xQfpwF/2Q
File Reputation Information
Severity Suspicious
First Seen 2018-09-26 08:55 (UTC+2)
Last Seen 2018-09-26 08:55 (UTC+2)
Names Win32.Trojan.Lshot
Families Lshot
Classification Trojan
Local AV Matches (1)
Threat Name Severity
Gen:Trojan.Heur.LShot.1 Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe Dropped File Binary Malicious
Also Known As winhost.exe (Dropped File)
\\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe (Dropped File)
C:\Windows\System32\winhost.exe (Dropped File)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 92.50 KB
MD5 79c110814edb31e49dfbba2d8e3c7d99
SHA1 7c70c1db97606d21ec404b08a83b6bf20ea5708b
SHA256 67e0514e5a730eabcc79ccf67d396e77722452fc34912815ab6b83a016cd401a
SSDeep 1536:mBwl+KXpsqN5vlwWYyhY9S4Ad+SQlmQ+hL9ouRhu+5WuL3KU2+LdX:Qw+asqN5aW/hLm5lmQSp/u+5NL3Kzi
ImpHash f86dec4a80961955a89e7ed62046cc0e
File Reputation Information
Severity Blacklisted
First Seen 2018-12-14 16:27 (UTC+1)
Last Seen 2018-12-15 17:33 (UTC+1)
Names Win32.Trojan.Crysis
Families Crysis
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x40a9d0
Size Of Code 0x9e00
Size Of Initialized Data 0xd400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2017-03-02 23:49:06+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x9c25 0x9e00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.97
.rdata 0x40b000 0x2636 0x2800 0xa200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.79
.data 0x40e000 0xaad5 0xa800 0xca00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.98
Imports (1)
KERNEL32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x40b000 0xd508 0xc708 0x245
LoadLibraryA 0x0 0x40b004 0xd50c 0xc70c 0x33c
WaitForSingleObject 0x0 0x40b008 0xd510 0xc710 0x4f9
InitializeCriticalSectionAndSpinCount 0x0 0x40b00c 0xd514 0xc714 0x2e3
LeaveCriticalSection 0x0 0x40b010 0xd518 0xc718 0x339
GetLastError 0x0 0x40b014 0xd51c 0xc71c 0x202
EnterCriticalSection 0x0 0x40b018 0xd520 0xc720 0xee
ReleaseMutex 0x0 0x40b01c 0xd524 0xc724 0x3fa
CloseHandle 0x0 0x40b020 0xd528 0xc728 0x52
Local AV Matches (1)
Threat Name Severity
Trojan.Ransom.Crysis.E Malicious
C:\Boot\BOOTSTAT.DAT.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 64.25 KB
MD5 fdb111d1b2a0a1658574d9bdd990a7f7
SHA1 03977785a932aef2bee31869c087d197f736d445
SHA256 f8adae38e1d1d1b5c285507544dce4e72ef668e3fbb961242153924d439f625b
SSDeep 1536:gZVWf2ucsliFSNJhmE7CTLFc7iEANLvD6HnssQOZGsgtfUR:gZVp/slsSNJhoLFc7ir76HnssQbMR
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\BOOTSECT.BAK.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 8.25 KB
MD5 214cc6d6ceb88ef61336eb2b9c9242f8
SHA1 3f0e494a77932cfe1475fcb9d603b47af44e35cc
SHA256 94d77a7a2eba4742c463e4e61f05e71a92f2c888a7d17e13884de8e9dee9f8f6
SSDeep 192:0cVI0KHu1qV++feOKJu0t+gkij7sHkj6Fz:ZilHEqV400t+gBkHa2
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 597eccdccf4fcf155be6573e89d56112
SHA1 777ca4f4c7c84395bfd602cb91306e43c7e6aea1
SHA256 a261c85e8cbc27a3618fc1836cf275424863b00672b33cf4dde21ce267cb4778
SSDeep 48:+qh+7FHMsICZNYy9ZeAk2XuVPIxmD4HteqMN:jh2HMsBNYy+nRQ0N
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 2.07 KB
MD5 41c318175e157089c88f8eeb8f6c890d
SHA1 8b5fe6768e32b507d739e5ed164281f003b1c02e
SHA256 78ab58e5f09511f758cd176796b8cbe3c9865fe6eb853900b367ef52d41a7dfa
SSDeep 48:L4oRHXSEh7oL+qlNWhoAzHsbE7vM0sBrGG//MHvFMd:oEhxoA+EDM3IZGd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 6c9348c2072f40d5feacad1b224588c7
SHA1 3e7496cd85a16769fe7a9c0949e18982d0a15f26
SHA256 f7411cf86ebb2d792567d49490ccc9cc1a7bb5132711f931e6e7ec2fa585dcf3
SSDeep 48:drVcwIFEvvSoDMtW5mDomk13kd/NZFsnUe7kML:RVcwD9DX4hwkd/NZFY5L
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 2.47 KB
MD5 f03514e6c0994adf2c3252b12ef72473
SHA1 95ff3d3eeefd878298dd218dc6509ace1a87e12f
SHA256 b56f402018874e233b6fedc48c5d8fed23c41e85ce947ebbcff9b22f360cd99f
SSDeep 48:ffrUW8s/CUkkeOsRBo40RcrVlI0fGzwQtDnT5CeHXyF1t5TgiQSwiCNbiIkoMMd:nABTc0lI0cDr1CW9hh1xd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.76 KB
MD5 a6b9594dcdeb262b9778d48bd41a792a
SHA1 b1ff7b5ec41d32338fc133b712e8f153867bafb8
SHA256 63640e009fda4235310a4752d2afdcf49160ad12047716691483e69be4851fd3
SSDeep 48:l3jxmWDJZqZPnv4/LvP/3IgXgvVb75BRnlehMz:5xmW7t/LnhXyNDz
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.80 KB
MD5 9ba8bff0b2c0356fd144aa2207e4540f
SHA1 8b7fce7d8f8b888224f99e8e3e275cfda84fad68
SHA256 c07b238ae79982527b0318f6686c14cb011262d32b5d5b71fff281b9cbcaadce
SSDeep 48:HtRkr0POCoM5rPSVo9rSYaWcFr9bVk9LoN3AOSMd:HtRcQ4YJZoWcFr9bkLoNQODd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 3.36 KB
MD5 ded0607abcf042aa01c9b909bcd753c9
SHA1 92f8df216cabe1e972ccc8f8f20633714c762c65
SHA256 f8c7f14a7698e9d64dfb9a02f648457e9e1a416c09446bc565f4c36896a22122
SSDeep 96:1rq4wr1Azy2o09wvApaXkaUbB0xxituH7Of:1W4KAz3w2aGbuAuHqf
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 4.33 KB
MD5 04b03ec0bac71faa0e7c0c391e7b8ed6
SHA1 7d49850dd9b77f556d7110b7f0a36847d87f59bd
SHA256 a5a5a61e70b394a2298c2ef25e1148c90057cca687f87c1547e44bdd336af6b4
SSDeep 96:L6XXRwbBLc3CJtdz+ZGKVDzXr6Dlm7SiyDH3VbQyN2OA/kPCg8kMx7K6nd:L62bBI36t+T7r6DM7byDFbzN2B/C8Kkd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 2.60 KB
MD5 6142da418c936cfb93dd6957ba726a91
SHA1 8c79329f15af9d1364b7240b45d448fde9874512
SHA256 16ddb7437d854ade581062932209692d5d6eb4d38875e88680a4be18fcadde6c
SSDeep 48:oX5qsvYf2apK8ZoOOZcRtOW89xG15E+QkwEnThIbVUCARQnirMd:fsGtwJZOANYQkwuWbVeWniod
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.99 KB
MD5 0a10dfb623fa8cb8547fefc19d889a64
SHA1 a28cae8798c1336a005468d936567da1b2953c88
SHA256 208aa094bd3e8a2c52461686427a6e433ca27f014fd7a6ad8012ae5cc69532ab
SSDeep 48:2bsa5Wm3PfDnWE5PXO5wopVAAburksNMP/g0OreYMJ:csnm3r95vQwoAj6P/3bJ
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.55 KB
MD5 38918d99358b460e7496566144f39981
SHA1 ce84d0d781ed5b60b2576dad11d7a0b54018aad9
SHA256 7b4d6fcf97130629668aca1d33574c87188a56b0fa909d988c970df22305795f
SSDeep 24:dAls3sMASCLxlr6EiN3V9N2lGfQA8IehdopUaOlBTwkM/TSaAYhZWx9yP1dNEd:wscMRYxlroz9N6EbXSdop6BfMbnAwzMd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 945fbf50fd9ce049a925f6b66e0c49a0
SHA1 f9c45038c13a45ef0c5778a0ab2a6de33552312d
SHA256 58b54f0dd1cda8dbb71aaa67a0ac164a679e92772e3f47386e7f081a23d9c09e
SSDeep 48:8CB6GeoWdQ0MwrkWR5KmFJdP0v9Q8dgAT2Md:8e6WIQ06WR5K6H3ATvd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 690a2e12159a046a6c77cfbaabd4eb86
SHA1 b9d8b98f38727277a4373d7ad731d9271ba7a34f
SHA256 a406f616f30a37c6c2930152d4c1d913d3f2404d23261f649528ecd40f032c3e
SSDeep 24:RrSFw9am7SodnEHRbuXurwOE9Jo0utQmQQuTUg4flTeKJp9NyTqWcN12T/gnyP10:nk60rrREArxQQfAq5aqWMbcMd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.03 KB
MD5 bfd22d7432848b560c9e5d3491e6786f
SHA1 5c2a1306bc5c4bf03b67dc882a03ee9e161b6927
SHA256 824a27bf84d3b2e471f11429b0d1d17c84c6e3d5b89de1783b66cfe4faddb7b2
SSDeep 24:iYzNT9Yvmd7hKGuZkB3wX9lTwO5gB22e6dKEtyP1dNEz:iQ9smddhSTwOS2BuUMz
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 5.97 KB
MD5 f0f80007426036fab642079a48dcce8a
SHA1 291bc8db6d7ab4370b88012e5b3b2dc5780e63f3
SHA256 ec832d2c4f24722087309c1f8cde891fe3030faa8ef5da8fa70be8472e3086e0
SSDeep 96:3tS1v42wVTwQomPg200cNftrzXipBtE8a0xEiJ0cty/1aemYtG1QAbRwNuQ5fjJ1:dS1g7JPgxDxhzXcBtE8MiqcwVZoSAbRu
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.60 KB
MD5 38eeb33a7db8706ee003451d6818ac77
SHA1 90441e45e303ebac7fb6fc366bffce11d4faf46b
SHA256 0bdf7c66b5c1cbd007aec7ab7dd6b36e73479e2602d4ac1485aca860f22c8e32
SSDeep 48:E27LNaMCSatwIqDWImuoGT65rdJSto+LL2ij2g1eeMh:EMa1thaWImu3aJH+bjIh
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 2.54 KB
MD5 1be692c3e57aad40a40aead31bdef7fd
SHA1 44dfb7f02c6749e1e2f1d8929755ef063050b8d4
SHA256 67983bba998a2abdef861f15cacefebafb0ec5cd54423f7799afb22b75ea4273
SSDeep 48:k9JiofCqf0kZ3IBBb9Cnp7xrIyFwbPP1TdB8CqgT89UE1h05GCTiLTW6tujX1FMd:k9Jiof3JOHBCnbYbPP1Z6CjT89UEhTgg
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.44 KB
MD5 a9749185fc08d7d3ac7125b17f3180b8
SHA1 e912513cf54b4b0b91d6cb0165f681bd5f835985
SHA256 5cca0efcb53dc4be455488408d1313d1fa38006a69fb2262d4af24b24bb71057
SSDeep 24:/umtnKz+utRZIEBZSXZLbTf1Hu0BAVdXlb8XgjNRFcNFoSHwvLQfWKQQCC4ejcJX:/uMnKPDPsJTPBjXlSBTQfWKQQ34eQSMh
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 2.04 KB
MD5 ceb64e61b158c926ecdcbf0b1ae887ce
SHA1 3b15add92d04fd6e776ffdc5e0055357bc38182a
SHA256 bba5771a1bf6cdcf55778a617b8374a5cf34bdecf7ea2d120cd9d542e808f23f
SSDeep 48:HdvaaXPAf+oGWFFm8EoRsmDs+kBVcoVC3wwb1cO/o5TrMd:HU2w+o1FFmVEUhEoVC3wwZrAod
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.81 KB
MD5 c25e975e1690ad6c56cfa5cfa3407231
SHA1 d2c980e2984d3b41a4eb0652b80de033bb8ee46b
SHA256 df22375cfe6a4bde2d5384ae95a2620029f1aa9d20589d63661b55e3057cf290
SSDeep 48:hOsEGinuUEhUG9ii38TlkqS8R1XjJ+oueZSvlBw/xTepMf:hOsEGinulhUGUi3hBozcox0BGxzf
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 2.18 KB
MD5 871075eea72db50109c5ba31b9c13db9
SHA1 078fa354ae58facd1014fdeb0f27ebcc13d52f76
SHA256 93ceaf4a069dae40974787879ff4cac16f96f699da4b5e668dce4ae7598ce413
SSDeep 48:akrpnzvEG7t43B4dmE3JZibV6cW1bi5qLN44suVMd:akrpnzMG7t43Bm/UcLLK4dWd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.66 KB
MD5 f3aa2ec5899db1e410354e53355e3f31
SHA1 c13324ae41594a44a3287788eafebac2adc3e3be
SHA256 9513129b49d8104c940fd8bb00d80f6510c46427715b8b0297d606b98971ae59
SSDeep 48:a3CCZ3A/MYUoJqoaCSCsmXFgwM+4fMiMtpTPaezMf:mC4A/M3RyFgwf6+Nef
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 2.07 KB
MD5 cd7450ff7137f31af87344b61686f1ab
SHA1 aa8861e99f2cee0cfdf08eb4031d67999e245e07
SHA256 8f5de6a53098e67f1506a916b5f97c52a14cbe327b52c1993add5838a4242662
SSDeep 48:qzBzpU7tyfXdwAPTUgdqdZUnI/ehdE/VCBYze0hSRJHMd:qzB1qgfXdwslqIl+VCBge0Gsd
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 6.33 KB
MD5 c6460a0896e7c523b52d98d92c0c9f43
SHA1 faa32d4313756537a99f5b70a85592cda258b941
SHA256 92378c6573c50fe01ae867f461f5486c6527fb91db78d1c7b0ba65f3c0886967
SSDeep 192:ojrGt2kHbxQyzOah1M0wJMZWFt5P3cj3ytVlPNnoHd:ojqs2O41M0wJeWFt5PSytq9
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 9.51 KB
MD5 3f8417ee8fc1d8aef55a0d40d4891c67
SHA1 650cc147b7986d1e512649d2280c6c57fd32c178
SHA256 6d107f1ae406dbaa1b17a02503881ee6d9b61ce9952b3cadf377da4891bd6cf7
SSDeep 192:DECCZ3rS8NC4D3iNbRH0lMyJXATpOoVsYE7gz:DHCZ3rTC4DyNAMCQ1OoVHp
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 855.24 KB
MD5 fab9b676d088629a579b850945fd7382
SHA1 6345a2318f48345bfaf47a9be672b214b3173112
SHA256 98967b90485fe8f431cc2b8178de1a6821c651a7307abbfc2c093d9edc95be55
SSDeep 12288:yh00gQSk3gAXwH822GTDGQzjvtR16KzDGyMO5Y2LWl+/Sk7SCYak5RD:qSxAXwH2QzbtR1NDGhuY2Clij7lmRD
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.14 KB
MD5 2284bdeb2387af18fd719f770dc0156c
SHA1 fcbd99159bd188bfc96b5e063a6d204403c753fc
SHA256 f902648fd0eedc9537f74e9b51a703de94c33e12dc47bc930e4bd65e08f9d9f7
SSDeep 24:1PCGb/SzLikRZ+HdS+J9omGnZhpVtp7GL19I/qtej5VyP1dNE1:1nboXRZ+hEmGnZhpVtcjMqteV+M1
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 1.65 KB
MD5 70e6b422f60e1b81fb43180853b58b05
SHA1 a361294d0a8898218e513b2358642f513e4126f8
SHA256 08f08ba1e993629bf4eda3fbc6b87b5f787e268196c73889f5391179c21c2039
SSDeep 48:UIp2DhpaxIV75ObCSSNFqLv7uIsQSPHJzCfSWkkoR4NMd:g3aOybCbAjuOSPHJqSWkkoR4+d
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream Malicious
Mime Type application/octet-stream
File Size 865.24 KB
MD5 afb41c3c0a9c0861b02dabd90d85b07b
SHA1 c790c0201497690d6b2688f26244e3bb2d89b65b
SHA256 1d6b508e1fa7dfbdc998a5f084e125c2bcec9f066a385bbfb71d82c082c0337a
SSDeep 24576:95e8xEsWh3q9iUchXWc2zHSGMkPO8WZY1qNV:Te8qFTcc/ZY1qz
YARA Matches (1)
Rule Name Rule Description Classification Score
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware 5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 848.75 KB
MD5 b5af6c70af5ed6d5e83df915dde9981c
SHA1 4423ea126bd5f8a1f25dde9cb5fc6e9320cddc0d
SHA256 248f2048156db839517f8b0a7069024796eaded29ae642c51e6805d3d48ce95e
SSDeep 12288:I+t2wuoQq8aU9lChOrK0HNtCOVc8yRpkQh1VE4JgcChHOOkNmdbIrHYEfDF1bHA3:I+t2faUehOVPVc8Wh1XObp6YwDF5oTx
YARA Matches (1)
Rule Name | Rule Description | Classification | Score
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware | 5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 853.75 KB
MD5 5280610db8b4f98d8d063f843cc7fec2
SHA1 52227d612fb0b42fdde2512de187307522646294
SHA256 cc8c64d54a481de588f14ba95521d185ee2bfd38304712eaa856a995c666fd91
SSDeep 12288:oMcZ7BYxGtFSBhCVI0alhs8C2R6g8AJ7yJuhFsnPb6ecgMi0ex51r1RfpV4SofqD:opVmBaI0m+p6yJuhF2PJvMex4Pqze4
YARA Matches (1)
Rule Name | Rule Description | Classification | Score
DharmaEncryptedFile | File encrypted by Dharma Ransomware | Ransomware | 5/5
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[fire_show@tuta.io].adobe Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 10.25 MB
MD5 3f5a9de2d321019bea1a62cad39bb5f9
SHA1 5fe8deb24eebe62d8ecd6d80295474b714e81f9f
SHA256 a1f61fddbac00bd351334d95b77e38fb608a703bacefb822109bf0f6a8e63d41
SSDeep 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+ojSZK:MUvTiNhU4L7tZiTnprP0txRssiK
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 378 bytes
MD5 087f37a3d12e1e63a1e7ceb1c868e832
SHA1 48677a34a63bcaca0f38245275868c3f96e657af
SHA256 e10fd7faf35c228f34a0d16d9b61d0e60e94fdc99de839bf65298a6ba7fa30de
SSDeep 6:3afQPlMByO6+FipIEPxMotZdJ6WCrmOPtwXAmZb5gyVNpbk2NEMPc7+gr1:FlMByO6IipIE5plAkQpyP1k2NEMEJ
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 67.85 MB
MD5 6b078cbccbab0d5edeaa1d85f11ba58a
SHA1 66820f091ea72f244d2d2019748cbda0b7b9702d
SHA256 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774
SSDeep 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.14 MB
MD5 6bebb361bb3666ce095520b2c364792e
SHA1 ece1374b340fad9da4ceca3fc10d35359d8faabe
SHA256 f752e89589b94a646346df88edddaf717c027ba0384ed2006fcb12ab16653052
SSDeep 24576:zxnP6WBzkm83xgDBo8o93HmJP9VB5bxQrzVDFJdjHs5wuofLfdky20ytJytLmBwg:zDxL8QBo6Tex4S120ytJyfrIWQ9uIr
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.14 MB
MD5 3967c5015591ee28e14d3f9fb90bf13e
SHA1 e60ebabd0357a09f323f163105cfce04bc043005
SHA256 bf693b0e28b05dda6d3b38f4e064deaf0efd6ad1e86353618c0e9630c5216b89
SSDeep 49152:zDxL8QBo0Tex4S120ytJyrNTAw2m62OTi:zR89t1a92L
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 16.94 MB
MD5 2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1 f50dbea0bf05e4a4f73abb265fef52fa43db4e07
SHA256 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4
SSDeep 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 14.88 MB
MD5 0132354deb06c352353675fce278a129
SHA1 82f447263c0d4d83d398af15034413083edcbc35
SHA256 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307
SSDeep 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.15 MB
MD5 bf2fe3e7f2a37546bbd11ab1c556678e
SHA1 261cec83de1b9e05e22c31313e18bbbb82952749
SHA256 450b334dfe81306147b232f1f1d4875fd8d333cf741ca62adf6afff2be3a2479
SSDeep 49152:zDxL8QBonTex4S120ytJyeJJmUSnTXAaGlZbZo:zR89K1Gv+AXO
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.48 MB
MD5 6bef4de9c4fa6438ad4a85882e41ec18
SHA1 cdc2e8229bb985fc9f4711f7cd283c61e0ffe7f5
SHA256 0a358e11e6a87e41266d4e9077e5a2eec5f79b6749dcd6dcb5a6b0df1b31baea
SSDeep 49152:fHYLL/WoWLljb1R6rOSN20yRJ6Uixb5FTRrwTTPe1V:fqLVW6vgiFrTFwTz8V
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 42.53 MB
MD5 4fb6c079967f604d4b8cdf477caf6de0
SHA1 a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63
SHA256 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f
SSDeep 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.16 MB
MD5 b38f83e58d4b162102d4d56af462cb48
SHA1 592130ec3d8073da0cbb06f9ab20d75e38d898d1
SHA256 6af83319061fcb987eccd36d75a6b208ccdc5e03bfa4f0273e7a10c81706f38a
SSDeep 49152:zDxL8QBoSTex4S120ytJys8s3fUEMYza6TnJ5QaM:zR89r1U88fUVYe6TnJ5W
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 11.70 MB
MD5 052b4a3aaf24e1879297e0f1408c7662
SHA1 ccf2d2087988828f8117c27f1ec3ccaf4b5b926d
SHA256 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021
SSDeep 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 20.84 MB
MD5 3d0e1f18676626331ffefafe53b18248
SHA1 80d370bf723a4b00b769c1a7266d63de82280ab0
SHA256 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f
SSDeep 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 18.75 MB
MD5 06e69471c0bb81eb102e539f0a04490d
SHA1 e0e8dbed58bcba38c03ab546d7753d1f973df44f
SHA256 b53484f0eccebe76bbdf0262097d8f747d5a05d0e569a544452eb328aada91bc
SSDeep 196608:iaDH9F7/iHXDI2CPKBUq6qMuGm9vqExoi93nnedBwzSlmKwDhANZbPhn:DDdFDX2J5uuGyCfi9uIQmlANRh
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.54 MB
MD5 6c25f932edf3796a653939a2922616be
SHA1 cda6ed0dfddf65446c2145ed634790c82729fb7d
SHA256 2404e0342410baa6628241743f12eaada69b70c0a74bb84ee3e742e2c09697c6
SSDeep 98304:zDMUwxyODPFhbY12HLodiF4+5riSBTUTIH1CyWj0tD:z4UwVthio4uTUQ15WM
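Every dropped or modified file in the listing above carries the Dharma naming suffix: the original name, then .id-<victim id>, then .[<contact address>], then a campaign extension (here id-9C354B42, fire_show@tuta.io and .adobe). Only the entries whose content also hit the DharmaEncryptedFile YARA rule are rated Malicious; the larger .cab and .msi files and the $Recycle.Bin desktop.ini are shown as Unknown even though their names follow the same pattern, so a triage script should key on the filename convention as well as the rule hits. The Python below is an added example, not VMRay code and not logic from the sample: it parses entries in the listing's own layout, pulls the verdict, SHA256 and YARA hits per entry, decodes the Dharma suffix, and summarizes victim IDs, contact addresses, extensions, and files that are renamed but got no rule hit. The embedded sample text is copied from the listing above plus one constructed non-Dharma entry (C:\Users\Public\notes.txt). Treating the contact address and the final extension as variable is an assumption so the parser is not tied to this campaign's .adobe extension.

```python
"""Parse Dharma-style encrypted-file names from a sandbox dropped-file listing.

Added example for this report; not VMRay code and not the sample's own logic.
Assumes report lines look like the listing above (path, category and type on
one line; verdict, hash and YARA lines below it).
"""
import re
from typing import Any, Dict, List, Optional

# <original>.id-<8 hex>.[<contact>].<ext>; id-9C354B42, fire_show@tuta.io and
# .adobe are what this report shows. Contact and extension being variable is
# an assumption so other Dharma campaigns parse too.
DHARMA_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]\\]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)
# An entry starts with a Windows path followed by the category and type columns.
ENTRY_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<category>Sample File|Dropped File|Modified File) (?P<type>\S+)$"
)
SHA256_LINE = re.compile(r"^SHA256 (?P<sha256>[0-9a-f]{64})")
SCORE_LINE = re.compile(r"^\d+/\d+$")
VERDICTS = {"Malicious", "Unknown"}  # the two severities this report uses

# Constructed sample: two entries copied from the listing above and one made-up
# non-Dharma entry with no hash line, to show the parser tolerating gaps.
REPORT_SAMPLE = r"""
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.14 KB
SHA256 f902648fd0eedc9537f74e9b51a703de94c33e12dc47bc930e4bd65e08f9d9f7
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[fire_show@tuta.io].adobe Dropped File Stream
Unknown
File Size 378 bytes
SHA256 e10fd7faf35c228f34a0d16d9b61d0e60e94fdc99de839bf65298a6ba7fa30de
C:\Users\Public\notes.txt Dropped File Stream
Unknown
Mime Type text/plain
"""


def extract_entries(report_text: str) -> List[Dict[str, Any]]:
    """Walk the flattened report; collect path, category, verdict, SHA256 and YARA rule names."""
    entries: List[Dict[str, Any]] = []
    current: Optional[Dict[str, Any]] = None
    in_yara = False
    for line in report_text.splitlines():
        line = line.strip()
        m = ENTRY_LINE.match(line)
        if m:
            current = {"path": m["path"], "category": m["category"],
                       "verdict": None, "sha256": None, "yara": []}
            entries.append(current)
            in_yara = False
            continue
        if current is None or not line:
            continue
        if line in VERDICTS and current["verdict"] is None:
            current["verdict"] = line
        elif (m := SHA256_LINE.match(line)):
            current["sha256"] = m["sha256"]
        elif line.startswith("YARA Matches"):
            in_yara = True
        elif in_yara and not line.startswith("Rule Name") and not SCORE_LINE.match(line):
            current["yara"].append(line.split()[0])  # first column is the rule name
    return entries


def parse_dharma_name(path: str) -> Optional[Dict[str, str]]:
    """Split a Dharma-renamed path into directory, original name, victim ID, contact and ext."""
    directory, _, name = path.rpartition("\\")
    m = DHARMA_NAME.match(name)
    if not m:
        return None
    info = m.groupdict()
    info["victim_id"] = info["victim_id"].upper()
    info["directory"] = directory
    return info


def original_path(path: str) -> Optional[str]:
    """Recover the pre-encryption path for an affected-files inventory."""
    info = parse_dharma_name(path)
    return None if info is None else f"{info['directory']}\\{info['original']}"


def summarize(entries: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Aggregate indicators across entries; 'yara_missed' lists renamed files with no rule hit."""
    hits = [(e, p) for e in entries if (p := parse_dharma_name(e["path"]))]
    return {
        "encrypted": len(hits),
        "unmatched": len(entries) - len(hits),
        "victim_ids": sorted({p["victim_id"] for _, p in hits}),
        "contacts": sorted({p["contact"] for _, p in hits}),
        "extensions": sorted({p["ext"] for _, p in hits}),
        "yara_missed": [e["path"] for e, _ in hits if not e["yara"]],
        "sha256": sorted(e["sha256"] for e, _ in hits if e["sha256"]),
    }


if __name__ == "__main__":
    for key, value in summarize(extract_entries(REPORT_SAMPLE)).items():
        print(f"{key}: {value}")
```

Feeding the full listing above through extract_entries gives one victim ID and one contact address across every entry, which is what makes the suffix a usable host-wide indicator; the yara_missed list is the set of files an analyst would still want to treat as encrypted despite the Unknown severity.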